Support specifying control plane firewall rules when creating or upda…

…ting DOKS clusters (#696) * CON-10347 * CON-10347 * CON-10347 * CON-10347 * CON-10347 add test --------- Co-authored-by: Oliver Love <olove@digitalocean.com> Co-authored-by: Andrew Starr-Bochicchio <andrewsomething@users.noreply.github.com>
digitalocean · Jun 4, 2024 · 1b9fcb0 · 1b9fcb0
1 parent 333fbb5
commit 1b9fcb0
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 15 deletions.
diff --git a/kubernetes.go b/kubernetes.go
@@ -76,18 +76,20 @@ type KubernetesClusterCreateRequest struct {
 
 	NodePools []*KubernetesNodePoolCreateRequest `json:"node_pools,omitempty"`
 
-	MaintenancePolicy *KubernetesMaintenancePolicy `json:"maintenance_policy"`
-	AutoUpgrade       bool                         `json:"auto_upgrade"`
-	SurgeUpgrade      bool                         `json:"surge_upgrade"`
+	MaintenancePolicy      *KubernetesMaintenancePolicy      `json:"maintenance_policy"`
+	AutoUpgrade            bool                              `json:"auto_upgrade"`
+	SurgeUpgrade           bool                              `json:"surge_upgrade"`
+	ControlPlanePermission *KubernetesControlPlanePermission `json:"control_plane_permission,omitempty"`
 }
 
 // KubernetesClusterUpdateRequest represents a request to update a Kubernetes cluster.
 type KubernetesClusterUpdateRequest struct {
-	Name              string                       `json:"name,omitempty"`
-	Tags              []string                     `json:"tags,omitempty"`
-	MaintenancePolicy *KubernetesMaintenancePolicy `json:"maintenance_policy,omitempty"`
-	AutoUpgrade       *bool                        `json:"auto_upgrade,omitempty"`
-	SurgeUpgrade      bool                         `json:"surge_upgrade,omitempty"`
+	Name                   string                            `json:"name,omitempty"`
+	Tags                   []string                          `json:"tags,omitempty"`
+	MaintenancePolicy      *KubernetesMaintenancePolicy      `json:"maintenance_policy,omitempty"`
+	AutoUpgrade            *bool                             `json:"auto_upgrade,omitempty"`
+	SurgeUpgrade           bool                              `json:"surge_upgrade,omitempty"`
+	ControlPlanePermission *KubernetesControlPlanePermission `json:"control_plane_permission,omitempty"`
 
 	// Convert cluster to run highly available control plane
 	HA *bool `json:"ha,omitempty"`
@@ -201,10 +203,11 @@ type KubernetesCluster struct {
 
 	NodePools []*KubernetesNodePool `json:"node_pools,omitempty"`
 
-	MaintenancePolicy *KubernetesMaintenancePolicy `json:"maintenance_policy,omitempty"`
-	AutoUpgrade       bool                         `json:"auto_upgrade,omitempty"`
-	SurgeUpgrade      bool                         `json:"surge_upgrade,omitempty"`
-	RegistryEnabled   bool                         `json:"registry_enabled,omitempty"`
+	MaintenancePolicy      *KubernetesMaintenancePolicy      `json:"maintenance_policy,omitempty"`
+	AutoUpgrade            bool                              `json:"auto_upgrade,omitempty"`
+	SurgeUpgrade           bool                              `json:"surge_upgrade,omitempty"`
+	RegistryEnabled        bool                              `json:"registry_enabled,omitempty"`
+	ControlPlanePermission *KubernetesControlPlanePermission `json:"control_plane_permission,omitempty"`
 
 	Status    *KubernetesClusterStatus `json:"status,omitempty"`
 	CreatedAt time.Time                `json:"created_at,omitempty"`
@@ -240,6 +243,12 @@ type KubernetesMaintenancePolicy struct {
 	Day       KubernetesMaintenancePolicyDay `json:"day"`
 }
 
+// KubernetesControlPlanePermission represents Kubernetes cluster control plane permission.
+type KubernetesControlPlanePermission struct {
+	Enabled          *bool    `json:"enabled"`
+	AllowedAddresses []string `json:"allowed_addresses"`
+}
+
 // KubernetesMaintenancePolicyDay represents the possible days of a maintenance
 // window
 type KubernetesMaintenancePolicyDay int

diff --git a/kubernetes_test.go b/kubernetes_test.go
@@ -542,6 +542,7 @@ func TestKubernetesClusters_Create(t *testing.T) {
 	defer teardown()
 
 	kubeSvc := client.Kubernetes
+	enabled := true
 
 	want := &KubernetesCluster{
 		ID:            "8d91899c-0739-4a1a-acc5-deadbeefbb8f",
@@ -568,6 +569,12 @@ func TestKubernetesClusters_Create(t *testing.T) {
 			StartTime: "00:00",
 			Day:       KubernetesMaintenanceDayMonday,
 		},
+		ControlPlanePermission: &KubernetesControlPlanePermission{
+			Enabled: &enabled,
+			AllowedAddresses: []string{
+				"1.2.3.4/32",
+			},
+		},
 	}
 	createRequest := &KubernetesClusterCreateRequest{
 		Name:         want.Name,
@@ -625,7 +632,13 @@ func TestKubernetesClusters_Create(t *testing.T) {
 		"maintenance_policy": {
 			"start_time": "00:00",
 			"day": "monday"
-		}
+		},
+        "control_plane_permission": {
+             "enabled": true,
+             "allowed_addresses": [
+                 "1.2.3.4/32"
+             ]
+        }
 	}
 }`
 
@@ -755,6 +768,7 @@ func TestKubernetesClusters_Update(t *testing.T) {
 	defer teardown()
 
 	kubeSvc := client.Kubernetes
+	enabled := true
 
 	want := &KubernetesCluster{
 		ID:            "8d91899c-0739-4a1a-acc5-deadbeefbb8f",
@@ -783,12 +797,24 @@ func TestKubernetesClusters_Update(t *testing.T) {
 			StartTime: "00:00",
 			Day:       KubernetesMaintenanceDayMonday,
 		},
+		ControlPlanePermission: &KubernetesControlPlanePermission{
+			Enabled: &enabled,
+			AllowedAddresses: []string{
+				"1.2.3.4/32",
+			},
+		},
 	}
 	updateRequest := &KubernetesClusterUpdateRequest{
 		Name:              want.Name,
 		Tags:              want.Tags,
 		MaintenancePolicy: want.MaintenancePolicy,
 		SurgeUpgrade:      true,
+		ControlPlanePermission: &KubernetesControlPlanePermission{
+			Enabled: &enabled,
+			AllowedAddresses: []string{
+				"1.2.3.4/32",
+			},
+		},
 	}
 
 	jBlob := `
@@ -824,11 +850,17 @@ func TestKubernetesClusters_Update(t *testing.T) {
 		"maintenance_policy": {
 			"start_time": "00:00",
 			"day": "monday"
-		}
+		},
+		"control_plane_permission": {
+             "enabled": true,
+             "allowed_addresses": [
+                 "1.2.3.4/32"
+             ]
+        }
 	}
 }`
 
-	expectedReqJSON := `{"name":"antoine-test-cluster","tags":["cluster-tag-1","cluster-tag-2"],"maintenance_policy":{"start_time":"00:00","duration":"","day":"monday"},"surge_upgrade":true}
+	expectedReqJSON := `{"name":"antoine-test-cluster","tags":["cluster-tag-1","cluster-tag-2"],"maintenance_policy":{"start_time":"00:00","duration":"","day":"monday"},"surge_upgrade":true,"control_plane_permission":{"enabled":true,"allowed_addresses":["1.2.3.4/32"]}}
 `
 
 	mux.HandleFunc("/v2/kubernetes/clusters/8d91899c-0739-4a1a-acc5-deadbeefbb8f", func(w http.ResponseWriter, r *http.Request) {